
Thursday, 12 March 2015

Y3sh, I have skipped level 7 since I got stuck at the page itself, so here is my solution to level 8. You can find the challenge from this link and explore from the drop-down menu or directly to this level.

This is fairly simple and kinda straightforward. The page itself was presented similar to level 6, where we have to download a file to get going.

Similar to level 6 as well, we would have to analyze the file downloaded. However, this time, it's an executable .exe file instead of a .pcap. With some experience dealing with .exe and some other executable files from my studies, I recommend viewing its static contents with a hex editor above anything else. If you are using a Linux machine or OS, you could also get similar results by running the 'strings' command against this file.

In my solution, I have downloaded, installed and used a hex editor since I am lazy enough to not launch my Linux VM =P. What you can see below is the screen capture of Hex Edit reading the static ASCII contents from the file downloaded (app.exe).

After some scrolling downwards, we will find the ASCII string of the flag itself. For the curious ones, just hit 'CTRL+F' then search for the keyword 'flag'.
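The Python below is an added example, not part of the original post: it does the same static search as the hex editor or `strings`, pulling printable runs out of a binary and keeping the ones that contain a keyword. It goes a little beyond the post by also scanning UTF-16LE strings, which Windows executables often contain; the function names and the `SAMPLE` bytes are constructed for illustration and are not taken from app.exe.

```python
import re

def extract_strings(data, min_len=4):
    """Yield (offset, encoding, text) for printable runs in a binary blob."""
    # Runs of printable ASCII, the default behaviour of `strings`.
    ascii_run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # Printable characters each followed by a NUL byte: UTF-16LE text.
    wide_run = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    for m in ascii_run.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in wide_run.finditer(data):
        yield m.start(), "utf-16le", m.group().decode("utf-16-le")

def find_keyword(data, keyword="flag", min_len=4):
    """Return the extracted strings that contain keyword (case-insensitive)."""
    kw = keyword.lower()
    return [(off, enc, s) for off, enc, s in extract_strings(data, min_len)
            if kw in s.lower()]

# Constructed sample: a few bytes shaped like the start of a PE file,
# with one ASCII and one UTF-16LE string hidden between binary noise.
SAMPLE = (
    b"MZ\x90\x00\x03\x00"
    + b"This program cannot be run in DOS mode.\r\n$"
    + bytes([0x01, 0xFF, 0x00, 0x8B])
    + b"abc\x00"
    + b"flag_is_CONSTRUCTED_EXAMPLE\x00\xff"
    + "wide FLAG marker".encode("utf-16-le")
    + b"\x00\x00"
)

if __name__ == "__main__":
    # To scan a real file instead: data = open("app.exe", "rb").read()
    for off, enc, text in find_keyword(SAMPLE):
        print(f"0x{off:06x} {enc:9} {text}")
```
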

Hello, you may have noticed that I have skipped some levels. I couldn't solve them at this moment, so I went skipping and will later go back and try again. For you people out there who want to try but don't know where, here's a link to the CTF's homepage.

So yeah, here is my solution for Level 6! ^^

As you reach the page for this level you would have seen something exactly or similar to this:-

As expected, you would want to click on Yes to actually get the file. The file you would have downloaded is a network capture in .pcap format. It is preferably opened using Wireshark, or you could use something like tcpdump to begin analyzing its contents.

As for myself, I just use Wireshark since I already have it installed. In Wireshark, it would look like:-

Usually people would try to filter out protocols, however, do not be pissed when you read on. Try searching from the first frame of the capture. Attempt to read the "Data" portion of the frame and see if you can recognize it. The Data section refers to the information being communicated, so usually it could bring some meaningful things.

If you can't see it yet, right-click on the first row of the capture and select "Follow UDP stream". This option will show you the data. Progress as shown below:-

As seen in the second picture, there is some data being transmitted from filenet-rpc to netbios-ssn. Well, you don't really have to be bothered about those two weird things for now. What we have is this:-

696e666f7365635f666c616769735f736e6966666564

As we can see, it contains alphanumeric characters. This in turn tells me that it could be a hexadecimal value. How can we test this? Try to convert it, duh. Haha, yes, I did just that. You don't have to calculate manually. Google for a website that does it for you, this isn't some school test, do it the easy way. =P I did it here but you can use other websites if you wish, or go ahead manually.
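The same steps can be done offline instead of with "Follow UDP stream" and a conversion website. The Python below is an added example, not from the original post: it walks a classic pcap file, pulls out each UDP payload, and decodes any payload that is hex-encoded printable text. The capture is constructed inline around the hex string quoted above; the function names, addresses and the use of ports 32769 and 139 (the numbers Wireshark labels filenet-rpc and netbios-ssn) are assumptions for illustration.

```python
import struct

def build_pcap(payloads, sport=32769, dport=139):
    """Constructed sample: wrap each payload in Ethernet/IPv4/UDP (checksums left 0)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for p in payloads:
        udp = struct.pack("!HHHH", sport, dport, 8 + len(p), 0) + p
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
        frame = bytes(12) + b"\x08\x00" + ip + udp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def udp_payloads(pcap):
    """Yield (sport, dport, payload) per IPv4/UDP frame of a little-endian Ethernet pcap."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    linktype = struct.unpack_from("<I", pcap, 20)[0]
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a classic little-endian pcap with Ethernet frames")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
            continue  # not IPv4
        udp = 14 + (frame[14] & 0x0F) * 4  # honour the IP header length field
        if frame[23] != 17 or len(frame) < udp + 8:
            continue  # not UDP, or truncated
        sport, dport, ulen = struct.unpack_from("!HHH", frame, udp)
        yield sport, dport, frame[udp + 8: udp + ulen]

def decode_if_hex(payload):
    """Return the ASCII text behind a hex-encoded payload, or None if it is not one."""
    text = payload.strip()
    if len(text) < 2 or len(text) % 2 or any(c not in b"0123456789abcdefABCDEF" for c in text):
        return None
    raw = bytes.fromhex(text.decode("ascii"))
    return raw.decode("ascii") if all(0x20 <= b <= 0x7E for b in raw) else None

HEX_FROM_POST = b"696e666f7365635f666c616769735f736e6966666564"
SAMPLE = build_pcap([b"\x01\x02binary noise", HEX_FROM_POST])  # constructed capture

def decoded_payloads(pcap=SAMPLE):
    return [(s, d, decode_if_hex(p)) for s, d, p in udp_payloads(pcap)]

if __name__ == "__main__":
    for sport, dport, text in decoded_payloads():
        print(sport, "->", dport, text)
```
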

Welcome back to n00bs CTF Labs. You can open up the CTF via this link or go straight to level 3 for this specific post.
Here is my solution to find the flag for level 3.

This is a case where the flag was hidden twice, unlike in previous levels.

At first, you are presented with a QR code that needs to be scanned. (If you have no idea what a QR code is, it's similar to a barcode, just a different format of storing data, and obviously they look different.) To know more about it, here is a rather good site to visit: WhatIsAQRCode. It is totally about the QR Code in general.

Below is what you will see at first when you reach this level/page, no restrictions though. Haha =P.

What I did was download a QR Code reader on my smartphone to have it scanned immediately and see what is the information stored. At this point, I still have no idea that this flag is twice hidden.

As for those who do not have one, well, perhaps google for a website that provides such services or print it out, use a webcam to scan the image via a desktop application, or try to download/save this image from the actual webpage and then upload the file to a website that does the scanning for you. *Though I have tried and it didn't work well for me so I went typing out the data from the QR Code instead.*

So, from the QR Code, you should be getting something that looks like:-

For newbies in many aspects from history, security and data representation, it would've looked a lot like crap. But thankfully for my knowledge and experience, this is indeed Morse Code. Yes, it is the old-school ciphertext/'code' used for spying and so on since before World War (I forgot when exactly).

With that, I went on google to search for a website that allows decoding of Morse Codes and I got this site. Having it translated, voila, the answer surfaces - happily in English!

Hey there, so this is a new post on a new blog made because of InfoSec. The link to the challenge homepage is here.

Here goes, there is this sudden activity on CTF from InfoSec Institute I got to know from my email. Since I know a little if not a lot about CTFs and have tried other CTFs some time ago, I decided to just give this one a shot.

So here is my solution for the 1st level.

Level 1 - May the source be with you.

Or so the hint has mentioned, the key is the source of the page.

All you would need to do is right-click anywhere on the page and select View Page Source.
This is what it should look like if you're using Google Chrome:-

Clicking that option will then open the HTML source code of the webpage. If you read from the top instead of the centre first, oh, you'll get the answer alright. ^^

Answer is:-

Flag is welcome. Tada! xD

Hopefully this will raise your interest in moving on to tougher levels and CTFs =P

You could, and I do recommend that you explore the main website further to learn more about InfoSec and what they do from their homepage. ^^ Cheerio!